Email service providers can't send to/from Yahoo Mail addresses

Our DMARC policy proactively protects our users from increasing forged email spam. This is an important step to secure our users’ email identities from being used by unauthorized senders. If you're an email service provider (ESP), here's information about why your messages will be rejected due to failed authentication.

This means all DMARC compliant mail receivers (including Yahoo, Hotmail, and Gmail) are now bouncing emails sent as "@yahoo.com" addresses that aren't sent through Yahoo servers. Any messages without a proper Domain Keys Identified Mail (DKIM) signature or Sender Policy Framework (SPF) alignment will be rejected.

ESPs who use their customers' "@yahoo.com" address as the "From" address to send messages are impacted by this change.

Forged emails appear to be sent from a legitimate Yahoo email address even though they aren't, and are used to spread spam and other types of malicious phishing scams. It’s very difficult for the average user to recognize the difference between a legitimate email and a forged one. To protect our users from these threats, we've has taken the lead to secure emails by enforcing the new DMARC policy.

By publishing a "p=reject" record, Yahoo tells other DMARC compliant systems to reject mail that doesn't originate from a Yahoo server.

We recommend ESPs ensure all messages can be authenticated by DKIM and/or SPF. To achieve this, ESPs should use domains that they're authorized to send emails from. It's not recommended to use a customer’s personal domain.

To receive responses with an "@yahoo.com" address, either a Reply-To: header or email forwarding from authoritative domains are the suggested options. Bounces should also be managed within your authoritative domains.